vercel-react-native-skills
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions or bypass patterns were detected. The use of terms like 'CRITICAL' and 'IMPORTANT' is strictly related to the performance impact of the described React Native rules.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, secrets, or sensitive file paths. No network operations are present aside from documentation links to trusted domains (react.dev, expo.dev, swmansion.com).
- [Obfuscation] (SAFE): The content is entirely plain text markdown with standard code blocks. No Base64, zero-width characters, or homoglyphs were found.
- [Unverifiable Dependencies] (SAFE): The skill references standard, widely-used React Native libraries (e.g., LegendList, FlashList, Reanimated). There are no remote script executions or untrusted package installations.
- [Indirect Prompt Injection] (SAFE): The skill serves as a static knowledge base and does not define tools that ingest or process external, untrusted data at runtime.
- [Dynamic Execution] (SAFE): No use of eval, exec, or unsafe deserialization. The provided code snippets are React Native component examples for guidance only.
Audit Metadata